Erhan Atalar

Short notes on Systems and Software

Archive for February, 2014

Adding SFTP-only user to Ubuntu Server

  1. Edit /etc/ssh/sshd_config and make sure to add the following at the end of the file:
    Match group ftpsshonly
        ChrootDirectory %h
        X11Forwarding no
        AllowTcpForwarding no
        ForceCommand internal-sftp
  2. Restart OpenSSH:
    sudo /etc/init.d/ssh restart
  3. Add new group for SFTP-only users:
    sudo addgroup ftpsshonly
  4. Add new user (replace username in the following steps with your chosen username):
    sudo adduser username
  5. Add user to new group and set permissions:
    sudo usermod -G ftpsshonly username
    sudo chown root:root /home/username
    sudo chmod 755 /home/username
  6. Create directories for user and set final permissions:
    cd /home/username
    sudo mkdir folder_1 folder_2
    sudo chown username:username *
  7. Set up a symbolic link to make the user’s folder available to the public (the /var/www/... path will depend on your environment):
    sudo ln -s /home/username/USER_DIRECTORY /var/www/

  If you need to view the public directory index, you may have to add a .htaccess file in your PUBLIC_DIRECTORY with:
    Options +Indexes
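
The ownership and mode set in step 5 matter because sshd refuses a ChrootDirectory unless every component of its path is a root-owned directory that is not writable by group or others. The check below is an added example, not part of the original post; the function names are illustrative and `stat -c` assumes GNU coreutils, as on Ubuntu.

```shell
#!/bin/sh
# Added example: pre-check the rule sshd enforces on ChrootDirectory (%h here).
# Function names are illustrative; `stat -c` is the GNU coreutils form (Ubuntu).

# chroot_component_ok DIR OWNER_UID
# Succeeds only if DIR is a directory owned by OWNER_UID with no group/other
# write bit set.
chroot_component_ok() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 1; }
    owner=$(stat -c '%u' "$1") || return 1
    perm=$(stat -c '%a' "$1") || return 1
    if [ "$owner" != "$2" ]; then
        echo "bad owner on $1: uid $owner, expected $2" >&2
        return 1
    fi
    # A leading 0 makes the shell read the mode as octal; 022 = group|other write.
    if [ $(( 0$perm & 022 )) -ne 0 ]; then
        echo "bad mode on $1: $perm is group- or world-writable" >&2
        return 1
    fi
    return 0
}

# check_chroot_path DIR [OWNER_UID]
# Walks from DIR (physical path) up to / and checks every path component.
# OWNER_UID defaults to 0 (root), which is what sshd requires.
check_chroot_path() {
    uid=${2:-0}
    path=$(cd "$1" 2>/dev/null && pwd -P) || { echo "cannot resolve: $1" >&2; return 2; }
    while :; do
        chroot_component_ok "$path" "$uid" || return 1
        [ "$path" = "/" ] && return 0
        path=$(dirname "$path")
    done
}

# Example: sh check_chroot.sh /home/username
if [ $# -gt 0 ]; then
    check_chroot_path "$@" && echo "OK: $1 passes the ownership/mode check"
fi
```

Run it against the user's home directory after step 5; the subfolders created in step 6 are inside the chroot and are meant to stay owned by the user.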